Skip to main content
Back to Blog
Feature Spotlight

Document Archive: Secure Storage with Version Control and Retention Policies

For many organizations, document management is the foundation of everything else. Whether you're storing case files, public records, internal policies, or evidence — you need a system that's secure, searchable, and auditable. Zeph's document archive module is designed to be exactly that.

More Than a File Server

Zeph's archive isn't just a folder structure with a web interface. It's a purpose-built document management system designed for organizations that need to treat documents as first-class records — not just files sitting on a shared drive. The system provides capabilities that a basic file server simply can't offer:

  • Full-text search — Search across the contents of every uploaded document, not just file names. Find the policy memo that mentions a specific statute, the report that references a particular individual, or the communication that contains a key phrase — all in seconds.
  • Automatic metadata extraction — Every document is automatically tagged with file type, size, upload date, uploader identity, and MIME type. This metadata is indexed and searchable, so you can filter documents by who uploaded them, when, and in what format.
  • Custom tagging and categorization — Apply custom tags to any document for organizational purposes. Tags are searchable and filterable, making it easy to group related documents across different folders or case files.
  • Document type classification — Define document type schemas with configurable required metadata fields. An autopsy report has different required fields than a toxicology result or a correspondence letter. The system enforces these schemas at upload time.

Version Control

Every document edit or re-upload creates a new version. The system maintains a complete version history with timestamps, uploader identity, and change notes for every revision. Any authorized user can view the version timeline and revert to a previous version if needed — the reverted version becomes the new current version while the full history is preserved.

This is critical for compliance environments where you need to prove what version of a document was current at any point in time. If an auditor asks what your standard operating procedure looked like six months ago, you can pull up that exact version with a single click. Version control also eliminates the "which version is the real one" problem that plagues organizations relying on email attachments and shared drives for document collaboration.

Retention Policies

Configure retention schedules per document type directly from the admin panel. Each document type can have its own retention period — personnel records might be retained for seven years, case files for twenty-five, and routine correspondence for three. When a retention period expires, the system can take one of several configurable actions:

  • Flag for review — Mark the document for manual review by a records manager before any action is taken.
  • Automatic archival — Move the document to a long-term archive tier with reduced access permissions.
  • Destruction workflow — Initiate a multi-step destruction process that requires supervisory approval before the document is permanently deleted.

All retention actions — flagging, archival, destruction requests, approvals, and deletions — are logged in the tamper-evident audit trail. This means you can prove not just that a document existed, but exactly when and how it was disposed of, and who authorized the action.

Access Control & Audit

Every document access event is logged with full detail: user identity, timestamp, IP address, action type (view, download, edit, delete, print), and the specific document version accessed. This audit log is tamper-evident — entries cannot be modified or deleted, even by system administrators.

Role-based permissions control who can see, edit, download, or delete documents at multiple levels: per folder, per document type, and per security classification. A supervisor might have full access to all case documents, while a data entry clerk can only upload and view documents in their assigned case types. These permissions are managed through the same RBAC system that controls access to the rest of the platform, so there's no separate permission structure to maintain.

Virus Scanning

Files are scanned via ClamAV integration before they're stored in the archive. Infected files are rejected automatically with a clear error message to the uploader — no manual review required. The virus scanning engine's signature database is updated on a configurable schedule, and scan results are logged for every upload attempt, whether the file passed or was rejected. This automated scanning layer means your document archive stays clean without adding another manual step to your team's upload workflow.

Works With Everything Else

Documents in the archive aren't isolated files — they're connected records. Any document can be linked to cases, contacts, communications, and evidence records throughout the platform. This cross-linking means your team always has context: they can see exactly which case a document belongs to, who uploaded it, every action that's been taken on it, and every other record it's connected to.

When a staff member opens a case, they see all linked documents in a dedicated documents tab. When they open a contact record, they see every document that contact has submitted or been sent. When they review an evidence item, they see the chain of custody documentation attached directly to the record. This interconnected approach eliminates the silos that form when documents live in a separate system from the records they support.

See It in the Demo Learn About Online Archive
Share this post: LinkedIn X Facebook